Posted by: maxsteel
botnets, IP address reputation scoring, ipTrust
ipTrust, a start-up backed a couple of Internet Security Systems veterans, launched today and debuted its new botnet detection service and IP address reputation capabilities. The company, a subsidiary of Endgame Systems, also announced $29M in venture financing.
Chris Rouland, ISS CTO, and Dan Ingevaldson, former director of ISS’ XForce research team, said the company has been in hibernation for two years building security services for the federal government. During that time, they’ve been collecting data and maintaining state on millions of IP addresses looking for sites sending spam and malware, and recruiting for botnets. That data feeds the reputation engine at the heart of two products announced today: ipTrust Professional and ipTrust Web.
IpTrust Professional is a cloud-based API that enables integration with existing applications or services. Users can make queries in real time against their database to receive reputation scoring against any IP address on the Net, Ingevaldson said. Unlike other reputation engines that are primarily geolocation-based, this one can also take into account whether an IP address is infected with a Trojan or worm, or has been part of a botnet and sent spam before. User can then make the decision whether to deny access to or from that IP address.
“What we’re doing here is building an interface with this API into a massive data set,” Ingevaldson said. “We’ve collected 275 million pieces of information on IP addresses that we’re keeping state on. We’re collecting one terabyte of security event information weekly–and that’s going up all the time. We can scale to petabyte size. Our customers don’t have to download a petabyte of information, but our API allows them useful interfaces so they can make smarter decisions based on the information we provide them.”
IpTrust Web is a free infection notification service delivered in a software-as-a-service model. Users sign up online and provide a range of external IP addresses to be monitored. If an event occurs, an email notification is sent that contains a link to the ipTrust Web portal where the user gets rich metadata on the details, Ingevaldson said.
“The use cases more limited, but more focused,” Ingevaldson said. “That’s the opportunity here. We don’t intend to send an SMS with 10 million events. If your Blackberry goes off, you’ve got a Conficker infection, for example, with a link to our portal. It’s much more focused, much more refined and precise.”